mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 19:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #16847. Session Cookies now default to httponly = True.

Browse source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17135 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Paul McMillan 2011-11-21 22:03:03 +00:00
parent 43c5d35315
commit 4d975b4f88
5 changed files with 40 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/ref/request-response.txt
View file

@ -638,7 +638,7 @@ Methods
Returns ``True`` or ``False`` based on a case-insensitive check for a
header with the given name.
.. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False)
.. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True)
.. versionchanged:: 1.3
@ -646,6 +646,10 @@ Methods
``expires``, and the auto-calculation of ``max_age`` in such case
was added. The ``httponly`` argument was also added.
.. versionchanged:: 1.4
The default value for httponly was changed from ``False`` to ``True``.
Sets a cookie. The parameters are the same as in the :class:`Cookie.Morsel`
object in the Python standard library.
@ -673,7 +677,7 @@ Methods
.. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly
.. method:: HttpResponse.set_signed_cookie(key, value='', salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False)
.. method:: HttpResponse.set_signed_cookie(key, value='', salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True)
.. versionadded:: 1.4